1. Field of the Invention
The present invention relates to an embedded apparatus connected to a client device, a remote-processing method, and a computer program product.
2. Description of the Related Art
In recent years, in an embedded apparatus such as a multifunction peripheral (MFP) that includes a printer function, a copier function, a facsimile function, a scanner function, and the like, various settings and the reference or change of those settings are performed from a client device through a remote-communication service using the telnet protocol (hereinafter, “telnet service” (telecommunication network service)).
The various settings and the reference or change of the settings of the embedded apparatus are preferably performed by encrypted communication rather than by unencrypted communication in plain text, in order to enhance security.
However, the telnet protocol that is used in the various settings and the like is a protocol for communication in plain text, so that the encrypted communication using a secure shell (SSH) program (hereinafter, “SSH service”) is considered for improving security. In other words, it is considered to perform the various settings and the like for the embedded apparatus from the client device by the encrypted communication using the SSH service.
The telnet service in the embedded apparatus is different from the one used in UNiplexed Information and Computing System (UNIX) (registered trademark). Specifically, in the telnet service used in UNIX, a user logs into a server from the client device via a network for a remote operation. For example, the user can access a UNIX file system on the server from a shell or can execute commands provided in UNIX on the server from the shell.
On the other hand, unlike the telnet service used in UNIX, the telnet service in the embedded apparatus can neither access a file system of the embedded apparatus nor allow execution of commands provided in an operating system (OS) of the embedded apparatus. In other words, the telnet service in the embedded apparatus functions only as a computer program for performing the various settings and the like by the remote operation from the client device.
Moreover, the SSH service in the embedded apparatus also functions differently from the one in UNIX. Specifically, in the SSH service in UNIX, a user can log into a server by the encrypted communication using secure socket layer (SSL) protocol to start the shell and perform the remote operation from the shell similarly to the telnet service. On the other hand, the SSH service in the embedded apparatus does not have a shell function, because neither access to a file system nor execution of UNIX commands is allowed as described above, so that the shell cannot be started.
Therefore, the following methods are considered to perform the various settings and the like of the embedded apparatus from the client device by the encrypted communication.
A first method is to embed a function equivalent to the telnet service, i.e., a telnet daemon, into the SSH service, i.e., an SSH daemon.
However, with this method, both the telnet daemon and the SSH daemon must be maintained, which complicates maintenance and management of computer programs.
A second method is to establish a pipe connection between the SSH daemon and the telnet daemon by having the SSH daemon start the telnet daemon directly. In a typical method in UNIX, the telnet daemon is started by an inet (Internet) daemon.
However, with this method, a new telnet daemon needs to be developed, and a process for identifying a port becomes complicated.
Therefore, a method of providing a function equivalent to the telnet service using a port forwarding function of the SSH service is considered. Specifically, a technique is known for accessing the telnet service from an internal network using the port forwarding function, thus enabling use of the telnet service.
However, although the port forwarding function enables the encrypted communication via the SSH daemon to a port connectable by the unencrypted communication, it does not prevent the unencrypted communication. Therefore, the unencrypted communication can still be used. In other words, the telnet daemon needs to be running at all times to use the port forwarding function of the SSH, which means that not only a port for the encrypted communication but also a port for the unencrypted communication is always in an open state.
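The open-port condition described above can be checked from a listing of listening sockets. The following is an added example, not part of the patent text: it parses constructed `ss -ltn` output and reports plaintext listeners that remain reachable from the network. The default ports 22 and 23 and the loopback-only contrast case are assumptions made for illustration.

```python
import ipaddress

# Constructed `ss -ltn` output (not captured from a real device): the
# forwarding setup the text describes, with telnet still open to the network.
FORWARDING_SETUP = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
"""
# Constructed contrast case (assumption): telnet bound to loopback only.
LOOPBACK_ONLY = """\
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:23       0.0.0.0:*
LISTEN 0      5      [::1]:23           [::]:*
"""
PLAINTEXT_PORTS = {23: "telnet"}  # assumption: default telnet port
ENCRYPTED_PORTS = {22: "ssh"}     # assumption: default SSH port


def split_local(field):
    """Split ss 'addr:port', handling '[v6]:port', '*:port', 'addr%iface'."""
    addr, _, port = field.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)


def is_network_reachable(addr):
    """False only when the socket is bound to a loopback address."""
    if addr in ("*", ""):
        return True
    # 0.0.0.0 and :: are wildcard binds, so they count as reachable.
    return not ipaddress.ip_address(addr).is_loopback


def audit(ss_output):
    """Return (network-reachable plaintext listeners, encrypted listeners)."""
    exposed, encrypted = set(), set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if port in PLAINTEXT_PORTS and is_network_reachable(addr):
            exposed.add((PLAINTEXT_PORTS[port], addr, port))
        elif port in ENCRYPTED_PORTS:
            encrypted.add((ENCRYPTED_PORTS[port], addr, port))
    return sorted(exposed), sorted(encrypted)
```

A non-empty first list from `audit` means an unencrypted port is open alongside the encrypted one, which is the situation the paragraph above describes.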
Therefore, when a user who is unfamiliar with security performs the unencrypted communication, plaintext information may be read by a third party. For example, Japanese Patent Application Laid-open No. 2007-251568 discloses a technique as a countermeasure for the above problem, in which when a request for the unencrypted communication is received from the client device, a reply is sent to the client device to cause the client device to perform the encrypted communication.
However, in the above technique, the unencrypted communication can be avoided only by nullifying the function of the unencrypted communication, which makes the SSH port forwarding function unusable.